diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
index 1148e529cd9595..d198648f9d799c 100644
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@@ -110,6 +110,23 @@ agent2-cert.pem: agent2-csr.pem agent2-key.pem -signkey agent2-key.pem \ -out agent2-cert.pem +# Create a PKCS#12 file with CA for the agent. +agent2.pfx: agent2-cert.pem agent2-key.pem + openssl pkcs12 -export \ + -in agent2-cert.pem \ + -inkey agent2-key.pem \ + -certfile agent2-cert.pem \ + -out agent2.pfx \ + -password pass:sample + +# Create a PKCS#12 file without CA for the agent. +agent2_noCA.pfx: agent2-cert.pem agent2-key.pem + openssl pkcs12 -export \ + -in agent2-cert.pem \ + -inkey agent2-key.pem \ + -out agent2_noCA.pfx \ + -password pass:sample + agent2-verify: agent2-cert.pem openssl verify -CAfile agent2-cert.pem agent2-cert.pem
diff --git a/test/fixtures/keys/agent1-pfx2.pem b/test/fixtures/keys/agent1-pfx2.pem
new file mode 100644
index 00000000000000..19f2041a5804b7
Binary files /dev/null and b/test/fixtures/keys/agent1-pfx2.pem differ
diff --git a/test/fixtures/keys/agent2.pfx b/test/fixtures/keys/agent2.pfx
new file mode 100644
index 00000000000000..34bc4b4851b6e0
Binary files /dev/null and b/test/fixtures/keys/agent2.pfx differ
diff --git a/test/fixtures/keys/agent2_noCA.pfx b/test/fixtures/keys/agent2_noCA.pfx
new file mode 100644
index 00000000000000..cd17c52e3143b6
Binary files /dev/null and b/test/fixtures/keys/agent2_noCA.pfx differ
diff --git a/test/fixtures/keys/agent2withCA.pfx b/test/fixtures/keys/agent2withCA.pfx
new file mode 100644
index 00000000000000..11a8d85417e23e
Binary files /dev/null and b/test/fixtures/keys/agent2withCA.pfx differ
diff --git a/test/parallel/test-https-pfx_cacert.js b/test/parallel/test-https-pfx_cacert.js
new file mode 100644
index 00000000000000..ea766a6d36b97b
--- /dev/null
+++ b/test/parallel/test-https-pfx_cacert.js
@@ -0,0 +1,58 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const fs = require('fs');
+
+if (!common.hasCrypto) {
+ console.log('1..0 # Skipped: missing crypto');
+ return;
+}
+const https = require('https');
+
+var pfx_withCA = fs.readFileSync(common.fixturesDir + '/keys/agent2.pfx');
+var pfx_noCA = fs.readFileSync(common.fixturesDir + '/keys/agent2_noCA.pfx');
+
+function RunTest(params) {
+ if (!params.length)
+ return;
+
+ var param = params.shift();
+ var options = {
+ host: '127.0.0.1',
+ port: common.PORT,
+ servername: 'agent2',
+ path: '/',
+ pfx: param.pfx_server,
+ passphrase: 'sample',
+ requestCert: true,
+ rejectUnauthorized: false
+ };
+ var server = https.createServer(options, function(req, res) {
+ assert.equal(req.socket.authorized, param.authorized);
+ res.writeHead(200);
+ res.end('OK');
+ });
+
+ server.listen(options.port, options.host, function() {
+ var data = '';
+ options.pfx = param.pfx_client;
+ https.get(options, function(res) {
+ res.on('data', function(data_) { data += data_; });
+ res.on('end', function() { server.close(); });
+ });
+
+ server.on('close', function() {
+ assert.equal(data, 'OK');
+ RunTest(params);
+ });
+ });
+}
+
+var test_params = [
+ {pfx_server: pfx_noCA, pfx_client: pfx_noCA, authorized: false},
+ {pfx_server: pfx_withCA, pfx_client: pfx_noCA, authorized: true},
+ {pfx_server: pfx_noCA, pfx_client: pfx_withCA, authorized: true},
+ {pfx_server: pfx_withCA, pfx_client: pfx_withCA, authorized: true}
+];
+
+RunTest(test_params);
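Review bot: The third row of `test_params` expects `authorized: true` from a server that loaded `agent2_noCA.pfx`, but nothing in the visible `options` gives that server a trust anchor for the client's self-signed agent2 certificate. The rows run back to back in one process, directly after a row whose server loaded `agent2.pfx`, so the expectation may hold only because of trust state left over from the earlier server; the diff does not show which. Record the reason on the row, for example `// server PFX has no CA; authorized because <reason>`, and confirm the row still passes when it is run first. Separately, `rejectUnauthorized: false` is reused for `https.get`, so the client's view of the server certificate is never checked; `assert.strictEqual(res.socket.authorized, <expected>);` in the response callback would cover it.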